[Mimedefang] Modify SA score if to many unknown users

Dave Ellenberger dave at nofuture.ch
Mon Sep 22 08:02:01 EDT 2003


Hi,

First, sorry for my poor english.

On my mailsystem I often see spamer trying to send spam to users which have
been already deleted long time ago. Example:

Sep 22 13:46:49 mx01 sm-mta[32284]: h8MBkmjJ032284:
<someuser1 at mydomain.com>... User unknown
Sep 22 13:46:49 mx01 sm-mta[32284]: h8MBkmjJ032284:
<someuser2 at mydomain.com>... User unknown
Sep 22 13:46:49 mx01 sm-mta[32284]: h8MBkmjJ032284:
<someuser3 at mydomain.com>... User unknown

Many spamers use CC function, so it's simply 1 spam mail with 15 - sometimes
up to 30 recipients. Some of the recipient addresses exist (user recieves the
spam...) some not.

My domain is older than 6 years, so there are email addresses which doesn't
exist any more since years, but these show up in email spam listings which
were traded/sold by spamers. I though I could make use of this somehow and
turn this against the spamers. My idea is to SA score for each email recipient
lookup failure.

Anyone already tried to do something like this? A clean and good way I mean ;-)

I could of course read the headers of each mail and lookup the addresses in
virtusertable.db/aliases.db or whatever. But this isn't very good for
performance I guess.

-Dave




More information about the MIMEDefang mailing list